class SessionsController < ApplicationController
 
  def create
    reset_session
    
    username = params[:username]
    password = params[:password]

    if username.empty? || password.empty?
      flash[:error] = "Enter your username and password"
      redirect_to :action => :new
      return
    end

    user = User.authenticate(username, password)
 
    if user
      user_state = UserState.new(username)
      store_user_state(user_state)
      redirect_to root_path
    else
      flash[:error] = "The username or password is incorrect"
      redirect_to :action => :new
    end
  end
  
  def destroy
    reset_session
    redirect_to root_path
  end
end
